Panama Papers: Law firm Mossack Fonseca ‘victim of hack’

A high profile law firm based out of Panama had their WordPress website hacked. The problem wasn’t the quality of WordPress core, it was using an outdated plugin, which would end up being a colossal mistake.

“Mossack Fonseca (MF), the Panamanian law firm at the center of the so called Panama Papers Breach may have been breached via a vulnerable version of Revolution Slider. The data breach has so far brought down the Prime Minister of Iceland and surrounded Russian President Putin and British Prime Minister David Cameron with controversy, among other famous public figures. It is the largest data breach to journalists in history, weighing in at 2.6 terabytes and 11.5 million documents.”
(BBC News, 6 April 2016)

In reviewing technical breakdowns of what occurred, it seems as though the attacker(s) leveraged an exploit in Slider Revolution which gave them a shell (remote access) to the server and from there they were able to move laterally and compromise their email.

If you’re running a WordPress website, stay on top of regular updates with our maintenance service.